[Chugalug] Email message authentication, encryption

Dave Brockman dave at brockmans.com
Fri Dec 28 15:51:49 UTC 2012


On 12/27/2012 8:15 PM, David White wrote:
> I'm very familiar with SPF, DKIM, and DMARC records (in DNS), but
> while these mechanisms provide a way for receiving mail servers to
> reliably identify whether or not the incoming message came from the
> legitimate sender, it seems to me that this doesn't provide a
> reliable way to reliably determine whether or not the message was
> modified in transit.

SPF and DKIM (DMARC is just a policy using the first two) do not
reliably indicate anything about the sender.  They verify the server
sending the mail is "approved" (in the SPF case) or signed some subset of
the message content + headers (DKIM).  That might give you some server
+ domain relationship information, but it gives you absolutely nothing
as far as sender verification/validation.  If you want to verify
message content was not modified, a GPG signature can give you that,
but the other end has to be running GPG as well.

Regards,

dtb
-- 
"Some things in life can never be fully appreciated nor
understood unless experienced firsthand. Some things in
networking can never be fully understood by someone who neither
builds commercial networking equipment nor runs an operational
network."  RFC 1925
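The DKIM half of the reply above, as an added example (not code from the thread or from any DKIM library): it builds the digest an RSA-SHA256 DKIM signature actually covers, using RFC 6376 relaxed header / simple body canonicalization, for a constructed message whose h= list omits Subject. The domain, selector and message are made up and no RSA key is involved, only the digest a signer would sign, which is enough to show which parts of a message DKIM does and does not protect.

```python
import base64
import hashlib
import re

def relaxed_header(name, value):
    # RFC 6376 3.4.2: lowercase the name, unfold, collapse whitespace runs, trim.
    value = re.sub(r"\r?\n[ \t]+", " ", value)
    value = re.sub(r"[ \t]+", " ", value).strip()
    return f"{name.lower()}:{value}\r\n"

def simple_body(body):
    # RFC 6376 3.4.3: normalise line endings, drop trailing empty lines, end with one CRLF.
    lines = body.replace("\r\n", "\n").split("\n")
    while lines and lines[-1] == "":
        lines.pop()
    return "\r\n".join(lines) + "\r\n"

def body_hash(body):
    # The bh= tag: base64 SHA-256 of the canonicalised body.
    return base64.b64encode(hashlib.sha256(simple_body(body).encode()).digest()).decode()

def signed_digest(headers, body, signed_fields):
    # Digest the signer signs: the h= headers in order, then the DKIM-Signature
    # header itself with an empty b= and no trailing CRLF (RFC 6376 3.7).
    hdrs = {k.lower(): v for k, v in headers}
    data = "".join(relaxed_header(f, hdrs[f.lower()]) for f in signed_fields if f.lower() in hdrs)
    sig = (f"v=1; a=rsa-sha256; c=relaxed/simple; d=example.org; s=sel; "
           f"h={':'.join(signed_fields)}; bh={body_hash(body)}; b=")   # constructed d=/s=
    data += relaxed_header("DKIM-Signature", sig).rstrip("\r\n")
    return hashlib.sha256(data.encode()).hexdigest()

SAMPLE_HEADERS = [  # constructed sample message, not from the list archive
    ("From", "Alice <alice@example.org>"),
    ("To", "bob@example.net"),
    ("Subject", "Quarterly numbers"),
    ("Date", "Fri, 28 Dec 2012 15:51:49 +0000"),
]
SAMPLE_BODY = "Please find the figures attached.\r\n\r\n"
SIGNED = ["From", "To", "Date"]   # Subject deliberately absent from h=

def demo():
    original = signed_digest(SAMPLE_HEADERS, SAMPLE_BODY, SIGNED)
    # A relay rewrites the unsigned Subject: the covered digest is unchanged, DKIM still passes.
    retitled = [(k, "[list] " + v if k == "Subject" else v) for k, v in SAMPLE_HEADERS]
    subject_still_verifies = signed_digest(retitled, SAMPLE_BODY, SIGNED) == original
    # The body is edited: bh= moves, the digest moves, verification fails.
    body_still_verifies = signed_digest(SAMPLE_HEADERS, "Figures are revised.\r\n", SIGNED) == original
    return subject_still_verifies, body_still_verifies   # (True, False)
```

The practical takeaway for a receiving side is that DKIM only attests the fields the signer chose to list in h= plus the body, so a policy that relies on a header must check that header is actually covered.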